8 matches found
Open WebUI 授权问题漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under the open source Open WebUI project. Versions of Open WebUI prior to 0.8.11 had an authorization issue vulnerability. This vulnerability stemmed from the internal bypassfilter parameter being exposed through FastA...
Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)
Summary When setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may consider their system prompt confidential, so we consider this a security issue. Compare...
LobeHub: Unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header
Summary The webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, an attacker can forge arbitrary auth payloads and bypass authentication on protected...
CVE-2025-68152 Juju: Read All Controller Logs From Compromised Workload
Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the stop triggers and /models command. An attacker can disrupt active sessions and access sensitive model or authentication metadata by sending unauthorized...
CVE-2018-13885
Possible memory overread may be lead to access of sensitive data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9650, MDM9655, QCS605, Qualcomm 215, SD...
BIT-MLFLOW-2023-6975 Path Traversal: '\..\filename'
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information...
GHSA-HH8P-P8MP-GQHM MLFlow Path Traversal Vulnerability
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information...